The US Customs and Border Protection Service said that images of travelers were unveiled during a malicious cyber attack.
License plate images were exposed during an attack that compromised a subcontractor's computer network.
It did not specify the number of images and indicated that none of the data had been identified on the Internet or Dark Web.
CBP did not name the contractor. On May 31, the subcontractor had transferred copies of the images to his corporate network, in violation of government policies and without agency authorization.